Pattern Extraction for Behaviours of Multi-Stage Threats via Unsupervised Learning

Title: Pattern Extraction for Behaviours of Multi-Stage Threats via Unsupervised Learning
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Alghamdi, A. A., Reger, G.
Conference Name: 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
Date Published: June
Keywords: advanced persistent threat, advanced persistent threats, anomaly detection, APT, Behaviour Analysis, Clustering algorithms, Correlation, Cyber Threats Intelligence, cybersecurity, Data analysis, feature extraction, heterogeneous log-files, Human Behavior, IP networks, Log-files Analysis, malicious behaviour, Metrics, Multi-stage threats, multistage threats, pattern clustering, pattern extraction, pubcrawl, resilience, Resiliency, Scalability, security of data, Training data, unsupervised learning
Abstract: Detection of multi-stage threats such as Advanced Persistent Threats (APT) is extremely challenging due to their deceptive approaches. Sequential events of threats might look benign when performed individually or from different addresses. We propose a new unsupervised framework to identify patterns and correlations of malicious behaviours by analysing heterogeneous log-files. The framework consists of two main phases of data analysis to extract inner-behaviours of log-files and then the patterns of those behaviours over analysed files. To evaluate the framework we have produced a (publicly available) labelled version of the SotM43 dataset. Our results demonstrate that the framework can (i) efficiently cluster inner-behaviours of log-files with high accuracy and (ii) extract patterns of malicious behaviour and correlations between those patterns from real-world data.
DOI: 10.1109/CyberSA49311.2020.9139697
Citation Key: alghamdi_pattern_2020